If you’re using Cloudflare for your website you might not realize the security protections that it can offer.
Using the free package you get access to setup up to five active firewall rules. On the Pro plan this goes up to 20 active firewall rules. The Pro plan also includes the Web Application Firewall (WAF) which will greatly improve security if you are not using any other type of WAF for your website.
What can we use these firewall rules for in a practical sense with WordPress?
- Restrict access to wp-login.php
- Restrict access to /wp-admin/
- Block WordPress XML-RPC xmlrpc.php
On the free plan the easiest win is to implement 3 rules for the above. This will greatly reduce your outside attack surface.
Continue reading…